On Sat, 28 Dec 2002, andy thomas wrote:

> Unauthorised connection attempts to a server running samba 2.2.0a are a
> daily occurrence but incorrect usernames/share names prevent accesses to
> shares and this is not normally anything to worry about. But looking
> through the smbd logs on this server I found one instance where someone
> apparently knew the 6 usernames listed in the smbpasswd file and tried to
> use those in turn to gain access. (This was unsuccessful as passwords
> are used to protect access to shares).

At work we had a similar attack on the Win2K PDC. Apparently on Windows it's a standard feature to enumerate the known users. Then the attacker tries a short list of weak passwords on each one. We had it set up so repeated authentication failures would lock the account. The helpdesk person really had her hands full that day!

Probably all that's necessary is to browse the [homes] directory.

James F. Carter          Voice 310 825 2897    FAX 310 206 6673
UCLA-Mathnet;  6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA  90095-1555
Email: [EMAIL PROTECTED]    http://www.math.ucla.edu/~jimc (q.v. for PGP key)
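
The pattern described in this thread (one client working through a list of known usernames, and a lockout policy reacting to the failures) can be picked out of authentication records as follows. This is an added example, not part of the original messages; the event format, thresholds and function names are assumptions made for the illustration and are not smbd's own log layout.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "ISO-timestamp source-ip username result".
# Simplified format assumed for this example, not smbd's actual log layout.
SAMPLE_EVENTS = """\
2002-12-28T03:10:01 192.0.2.10 alice FAIL
2002-12-28T03:10:03 192.0.2.10 bob FAIL
2002-12-28T03:10:05 192.0.2.10 carol FAIL
2002-12-28T03:10:07 192.0.2.10 dave FAIL
2002-12-28T03:10:09 192.0.2.10 alice FAIL
2002-12-28T03:10:11 192.0.2.10 bob FAIL
2002-12-28T03:10:13 192.0.2.10 alice FAIL
2002-12-28T09:00:00 198.51.100.7 carol FAIL
2002-12-28T09:00:20 198.51.100.7 carol OK
"""

def parse(text):
    for line in text.splitlines():
        ts, src, user, result = line.split()
        yield datetime.fromisoformat(ts), src, user, result

def sweeping_sources(events, min_users=4, window=timedelta(minutes=10)):
    """Sources whose failures hit >= min_users distinct accounts within window."""
    fails = defaultdict(list)
    for ts, src, user, result in events:
        if result == "FAIL":
            fails[src].append((ts, user))
    flagged = {}
    for src, items in fails.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1  # slide the window forward
            users = {u for _, u in items[start:end + 1]}
            if len(users) >= min_users:
                flagged[src] = sorted(users)
                break
    return flagged

def locked_accounts(events, threshold=3):
    """Accounts a lockout policy would lock: threshold consecutive failures."""
    streak, locked = defaultdict(int), set()
    for _, _, user, result in sorted(events):
        streak[user] = streak[user] + 1 if result == "FAIL" else 0
        if streak[user] >= threshold:
            locked.add(user)
    return sorted(locked)
```

Flagging on distinct usernames per source catches the sweep even when each account stays under the lockout threshold, while `locked_accounts` shows which users the helpdesk would have to unlock afterwards.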
